EDRi, Microsoft’s new small print – how your personal data is (ab)used:
Summing up these 45 pages, one can say that Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties. The company appears to be granting itself the right to share your data either with your consent “or as necessary”.
This was particularly ominous:
Also, when device encryption is on, Windows automatically encrypts the drive Windows is installed on and generates a recovery key. The BitLocker recovery key for the user’s device is automatically backed up online in the Microsoft OneDrive account.
That said, there will be a few things you can turn off by deep diving into your computer’s settings and the Privacy Dashboard. And, I suspect, by not having a Microsoft Account or a OneDrive at all.
Microsoft’s new services agreement goes into effect on 1 August 2015, only a couple of days after the launch of the Windows 10 operating system on 29 July.
A lot of companies spend a great deal of time, and political gnashing of teeth among developers, in order to draft style guidelines. This is garbage — it truly does not matter where you put braces, for example. Experienced coders have to be accustomed to reading various styles anyway. Here’s what you should do. Start a program asking anybody who is interested to come in after work in order to draft a new set of style guidelines. Fire everyone who shows up — they are political animals who are likely deadweight anyway. Then just pick a style guideline at random, like the Linux kernel style doc or the WebKit style.
— Errata Security, How to code: lesson 27
I don’t know if I’m persuaded by this, for all that it sounds good. I would expect that some coding styles impose some discipline on coders, making it hard to make careless errors — and easier for others to spot them. Plus shared expectations do make code easier to read and understand.
Then again, maybe modern coding languages have other tools that can notice when you leave out a ) or a }, or mis-specify a variable. It’s been a long time since I actually had to write code anyone else would see, much less work with.
Firefox’s optional Tracking Protection reduces load time for top news sites by 44%.
How to turn on Tracking Protection:
- In the Location bar, type about:config and press Enter.
- The about:config “This might void your warranty!” warning page may appear. Click I’ll be careful, I promise! to continue to the about:config page.
- Search for privacy.trackingprotection.enabled.
- Double-click privacy.trackingprotection.enabled to toggle its value to true.
This will turn on Tracking Protection. If you later want to turn it back off, repeat the above steps to toggle the preference back to false.
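The same preference can also be pinned in the profile's user.js file, which Firefox applies at every startup. The sketch below is an added example, not code from Mozilla or from this post: the helper names and the sample file content are assumptions, and only the preference name comes from the steps above.

```javascript
// Added example: keep one preference in a Firefox user.js file in a known state.
// setUserPref() is a pure function: it takes the file text and returns the new text.

// Serialize a value the way user_pref() expects (boolean, integer or string).
function formatPrefValue(value) {
  if (typeof value === "boolean" || Number.isInteger(value)) return String(value);
  if (typeof value === "string") return JSON.stringify(value);
  throw new TypeError("unsupported pref type: " + typeof value);
}

// Return userJsText with exactly one user_pref() line for `name`.
function setUserPref(userJsText, name, value) {
  const wanted = `user_pref(${JSON.stringify(name)}, ${formatPrefValue(value)});`;
  // Escape regex metacharacters so the dots in the pref name match literally.
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const existing = new RegExp(`^\\s*user_pref\\(\\s*"${escaped}"\\s*,.*\\);\\s*$`);
  const out = [];
  let replaced = false;
  for (const current of userJsText.split(/\r?\n/)) {
    if (!existing.test(current)) {
      out.push(current); // unrelated line or comment: keep untouched
    } else if (!replaced) {
      out.push(wanted); // first occurrence: rewrite in place
      replaced = true;
    } // later duplicates are dropped so the last line cannot win silently
  }
  if (!replaced) {
    while (out.length && out[out.length - 1] === "") out.pop();
    out.push(wanted);
  }
  // Normalize to exactly one trailing newline.
  return out.join("\n").replace(/\n*$/, "\n");
}

// Constructed sample file content (not taken from a real profile).
const SAMPLE_USER_JS = [
  "// constructed sample user.js",
  'user_pref("browser.startup.page", 3);',
  'user_pref("privacy.trackingprotection.enabled", false);',
  "",
].join("\n");

const UPDATED_USER_JS = setUserPref(
  SAMPLE_USER_JS, "privacy.trackingprotection.enabled", true);
```

Because the function is idempotent, it can be re-run over every profile on a machine without piling up duplicate lines.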
Keep DRM off your computer. Firefox updated to version 38 today, and it comes with DRM built in (without which, I’m told, you can’t watch Netflix).
The link above is to the US-English version of Firefox. Here’s the multi-lingual index to other language DRM-free versions of Firefox.
You can install this instead of the ver 38 update, or on top of it. In my experience it remembers all your customizations, such as plugins.
(Image from L[P]SI Blog)
Google search link fix:
This extension prevents Google, Yahoo and Yandex search pages from modifying search result links when you click them. This is useful when copying links but it also helps privacy by preventing the search engines from recording your clicks.
In other words, when I get Google search results and right-click on them, instead of getting useless garbage, I get a link I can use in a blog post or a footnote — especially handy for linking to .pdf files where the URL doesn’t show up in the program that pops up to display the document.
Most folks won’t need this extension. But those who do will love it.
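For links that were already copied in wrapped form, the destination can be recovered after the fact. This is an added example, not the extension's code: the function names are hypothetical, the wrapper shapes it handles (Google `/url?url=` or `/url?q=`, Yahoo `/RU=<encoded>/`) are assumptions about how those result links are wrapped, and Yandex is not covered.

```javascript
// Added example: recover the real destination from a wrapped search-result link.
// Only http(s) destinations are accepted; other schemes come back as null.
const SAFE_SCHEMES = new Set(["http:", "https:"]);

// Accept a candidate destination only if it parses and uses http(s).
function safeTarget(candidate) {
  if (!candidate) return null;
  try {
    const u = new URL(candidate);
    return SAFE_SCHEMES.has(u.protocol) ? u.href : null;
  } catch {
    return null;
  }
}

// Return the real destination of a search-result link, or null if unusable.
function unwrapSearchLink(href) {
  let u;
  try {
    u = new URL(href);
  } catch {
    return null;
  }
  const host = u.hostname.toLowerCase();
  if (/^(www\.)?google\.[a-z]{2,3}(\.[a-z]{2})?$/.test(host) && u.pathname === "/url") {
    // URLSearchParams already percent-decodes the value.
    return safeTarget(u.searchParams.get("url") || u.searchParams.get("q"));
  }
  if (host === "r.search.yahoo.com") {
    const m = u.pathname.match(/\/RU=([^/]+)\//);
    if (!m) return null;
    try {
      return safeTarget(decodeURIComponent(m[1]));
    } catch {
      return null; // malformed percent-encoding
    }
  }
  return safeTarget(href); // not a known wrapper: keep the link as it is
}

// Constructed sample links (not captured from a real results page).
const SAMPLE_LINKS = [
  "https://www.google.com/url?sa=t&url=https%3A%2F%2Fexample.org%2Fdocs%2Freport.pdf&usg=constructed",
  "https://r.search.yahoo.com/_ylt=constructed/RV=2/RE=1/RO=10/RU=https%3a%2f%2fexample.org%2fpaper.pdf/RK=2/RS=constructed",
  "https://example.org/plain.html",
];
```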
EFF and other fine groups announce DETEKT, a spyware detection tool. It’s a joint project with Amnesty International, Digitale Gesellschaft, and Privacy International. Read the disclaimers and instructions carefully.
Note also that they seem to be on a very short release cycle: I downloaded version 1.1 at work yesterday (nothing detected), and just downloaded version 1.3 at home today.
Disclosure: I’m a proud member of the Electronic Frontier Foundation Advisory Board.
Oh, joy: despite a vigorous round of patching, Shellshock isn’t dead, and isn’t even resting:
Google security researcher Michal "lcamtuf" Zalewski has disclosed to iTnews that over the past two days he has discovered two previously unaddressed issues in the Bash function parser, one of which is as bad as the original Shellshock vulnerability.
"The first one likely permits remote code execution, but the attack would require a degree of expertise to carry out," Zalewski said.
"The second one is essentially equivalent to the original flaw, trivially allowing remote code execution even on systems that deployed the fix for the initial bug," he added.
— iTnews.com.au, Further flaws render Shellshock patch ineffective. Spotted via Slashdot